From 6928c623230d870fa54f63ac5c5128dbdd0b8e00 Mon Sep 17 00:00:00 2001
From: Daniel sea McChlery
Date: Thu, 16 Oct 2014 22:54:59 -0400
Subject: Applied pehjota's patch for the iptables init script.
---
diff --git a/build b/build
index 96d8ed8..d7adfbc 100755
--- a/build
+++ b/build
@@ -16,6 +16,9 @@ install: build
 rm -f "dest/usr/lib/$(OPK_HOST_ARCH)/libip6tc.la"
 rm -f "dest/usr/lib/$(OPK_HOST_ARCH)/libiptc.la"
 rm -f "dest/usr/lib/$(OPK_HOST_ARCH)/libxtables.la"
+ install -d -m 0755 dest/etc/init.d
+ install -p -m 0755 ../iptables.pkg/iptables.init \
+ dest/etc/init.d/iptables
 oh-fixperms
 oh-strip
 oh-installfiles
diff --git a/changelog b/changelog
index c820dbb..a1a7a9e 100644
--- a/changelog
+++ b/changelog
@@ -4,6 +4,7 @@ iptables (1.4.21-2) trunk
 * Moved libxtables.so into the libxtables.10-dev package.
 * Removed the dest/ directory from libxtables.10
 * Removed the xtables pkg-config files from libiptc.0-dev
+ * /etc/init.d/iptables: New service initialization script.
 -- "Daniel sea McChlery" Wed Jun 25 2014 17:56:22 -0400
diff --git a/iptables.pkg/control b/iptables.pkg/control
index 0a7bde7..cd1dc51 100644
--- a/iptables.pkg/control
+++ b/iptables.pkg/control
@@ -1,5 +1,9 @@
 Architecture: any-linux-any
 Platform: all
 Depends: iptables-common (>= ${Source-Version}), libxtables.10, libiptc.0
+# busybox provided /etc/init.d/iptables from version 1.21.1-9 to version
+# 1.21.1-11, so we need to declare a conflict with those versions of busybox.
+Replaces: busybox (<< 1.21.1-12)
+Conflicts: busybox (<< 1.21.1-12)
 Description: iptables binary tools
 The iptables tools are used to manipulate kernel firewall tables.
diff --git a/iptables.pkg/files b/iptables.pkg/files
index ec51757..b5e149b 100644
--- a/iptables.pkg/files
+++ b/iptables.pkg/files
@@ -1,2 +1,3 @@
 /usr/bin
 /usr/sbin
+/etc/init.d/iptables
diff --git a/iptables.pkg/iptables.init b/iptables.pkg/iptables.init
new file mode 100644
index 0000000..31a9311
--- /dev/null
+++ b/iptables.pkg/iptables.init
@@ -0,0 +1,38 @@
+#!/bin/sh /etc/rc.common
+
+START='25'
+STOP='75'
+
+start()
+{
+ [ -r /etc/iptables ] || return 0
+
+ log 'Loading iptables rules'
+
+ /bin/sh /etc/iptables
+}
+
+stop()
+{
+ local table=
+ local chains=
+ local chain=
+
+ [ -r /etc/iptables ] || return 0
+
+ log 'Flushing iptables rules'
+
+ # For each table (raw, nat, mangle, filter, etc.):
+ for table in $(cat /proc/net/ip_tables_names); do
+ # Flush all the rules in all the chains and delete all the
+ # user-defined chains.
+ /usr/sbin/iptables -t "${table}" -F
+ /usr/sbin/iptables -t "${table}" -X
+ chains="$(/usr/sbin/iptables -t "${table}" -L -n | \
+ sed -n 's/^Chain \([^ ]*\).*$/\1/p')"
+ for chain in ${chains}; do
+ # Set the chain's policy to the "ACCEPT" target.
+ iptables -t "${table}" -P "${chain}" ACCEPT
+ done
+ done
+}
diff --git a/iptables.pkg/postinst b/iptables.pkg/postinst
new file mode 100644
index 0000000..c120f92
--- /dev/null
+++ b/iptables.pkg/postinst
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+if [ "x${1}" = 'xconfigure' ]; then
+ /etc/init.d/iptables enable
+fi
diff --git a/iptables.pkg/prerm b/iptables.pkg/prerm
new file mode 100644
index 0000000..231d281
--- /dev/null
+++ b/iptables.pkg/prerm
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+if [ "x${1}" = 'xremove' ]; then
+ /etc/init.d/iptables disable
+fi
-- cgit v0.9.1
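Review bot: In `stop()` of `iptables.pkg/iptables.init`, the policy reset inside the inner loop calls bare `iptables`, while every other invocation uses `/usr/sbin/iptables`, so that one line depends on the PATH the init system provides. If the lookup fails, the tables stay flushed with their previous policies (a DROP policy would then block all traffic) and the script does not check the result; use `/usr/sbin/iptables -t "${table}" -P "${chain}" ACCEPT`. A header comment would also help: `stop()` deliberately leaves every remaining chain at ACCEPT, and `start()` runs `/etc/iptables` through `/bin/sh` with the init system's privileges (presumably root), so that file should be writable only by root.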